Difference between revisions of "Bibliography"

From Hacking Printers
(Created page with "[2014] Costin: "A Large-Scale Analysis of the Security of Embedded Firmwares" ----------------------------------- [2013] Zaddach: "Embedded Devices Security and Firmware Rev...")
 
 
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[2014] Costin: "A Large-Scale Analysis of the Security of Embedded Firmwares"
+
== Research by date ==
  
-----------------------------------
+
=== 2017 ===
  
[2013] Zaddach: "Embedded Devices Security and Firmware Reverse Engineering"
+
'''SoK: Exploiting Network Printers''' ([https://www.nds.rub.de/media/ei/veroeffentlichungen/2018/07/11/printer-security.pdf PDF])
 +
<br>by Jens Müller, Juraj Somorovsky, Vladislav Mladenov | Blogpost: [http://web-in-security.blogspot.de/2017/01/printer-security.html]
  
-----------------------------------
+
=== 2016 ===
  
- [2014] Jordon: "ARM Wrestling a Printer" | Canon Firmware RCE
+
'''Exploiting Network Printers:  A Survey of Security Flaws in Laser Printers and Multi-Function Devices''' ([https://www.nds.rub.de/media/ei/arbeiten/2017/01/30/exploiting-printers.pdf PDF])
 +
<br>by Jens Müller, Juraj Somorovsky, Vladislav Mladenov | Proof-of-concept code: [https://github.com/RUB-NDS/PRET]
  
* LINK: http://www.contextis.com/resources/blog/hacking-canon-pixma-printers-doomed-encryption/
+
'''PWN Xerox Printers (...again): About Hardware Attacks and Insecure Cloning''' ([https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/xerox_phaser_6700_white_paper.pdf PDF])
 +
<br>by Peter Weidenbach, Raphael Ernst
  
-----------------------------------
+
=== 2014 ===
  
- [2010] Costin: "Hacking Printers for Fun and Profit" | Use Word/JS/Java to deploy PostScript Payload
+
'''A Large-Scale Analysis of the Security of Embedded Firmwares''' ([https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-paper-costin.pdf PDF])
*  VIDEO: https://www.youtube.com/watch?v=R56ZXErKCeE
+
<br>by Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti | Video: [https://www.youtube.com/watch?v=5gf6mFz1rPM]
  
- [2011] Costin: "PostScript(um): You’ve Been Hacked" | PS-Shell | Look into Firmware | API available to PS-Language | {Memory Dumper, BSD-Sockets}, Xerox Firmware Update via PS-File, MSF/Attacking Demo Toolkit
+
'''Hacking Canon Pixma Printers - Doomed Encryption''' ([http://www.contextis.com/resources/blog/hacking-canon-pixma-printers-doomed-encryption/ HTML])
*  LINK: https://www.corelan.be/index.php/2012/05/25/hitb2012ams-day-2-postscript-danger-ahead/
+
<br>by Michael Jordon
*  VIDEO: https://www.youtube.com/watch?v=PqL5P46m_zQ
+
  
-----------------------------------
+
=== 2013 ===
  
- [2011] Cui: "Print me if you Dare" | HP Firmware RCE
+
'''Embedded Devices Security and Firmware Reverse Engineering''' ([http://s3.eurecom.fr/docs/bh13us_zaddach.pdf PDF])
 +
<br>by Jonas Zaddach, Andrei Costin
  
*  TALK: http://events.ccc.de/congress/2011/Fahrplan/events/4780.en.html
+
'''Research Report on the Security of MFPs''' ([https://www.ipa.go.jp/security/jisec/apdx/documents/20130312report_E.pdf])
*  TALK: http://boingboing.net/2011/12/30/printer-malware-print-a-malic.html
+
<br>by IPA Information-technology Promotion Agency, Japan
*  VIDEO: https://www.youtube.com/watch?v=njVv7J2azY8
+
*  SLIDES: http://ids.cs.columbia.edu/sites/default/files/CuiPrintMeIfYouDare.pdf
+
  
-----------------------------------
+
=== 2012 ===
  
- [2011] Smith: "Printers gone Wild" | PrintFS PJL filesystem
+
'''PostScript: Danger Ahead?!'''
 +
<br>by Andrei Costin | Slides: [https://infocon.org/cons/Hack%20In%20Paris/Hack%20In%20Paris%202012/Slides/Andrei-PostScript%20Danger%20Ahead.pdf] | Video: [https://www.youtube.com/watch?v=ygcs0m5C9ZI]
  
*  LINK: http://blog.c22.cc/2011/01/29/shmoocon-2011-printers-gone-wild/
+
=== 2011 ===
*  CODE: http://www.remote-exploit.org/articles/printfs/index.html
+
  
-----------------------------------
+
'''Print Me If You Dare: Firmware Modification Attacks and the Rise of Printer Malware'''
 +
<br>by Ang Cui, Salvatore Stolfo | Slides: [http://ids.cs.columbia.edu/sites/default/files/CuiPrintMeIfYouDare.pdf] | Video: [https://www.youtube.com/watch?v=njVv7J2azY8]
  
- [2011] Heiland: "From Printer to Pwnd" | Praeda toolkit
+
'''Printers gone Wild (PrintFS PJL filesystem)'''
 +
<br>by Ben Smith | Video: [http://www.securitytube.net/video/1395] | Proof-of-concept code: [http://www.remote-exploit.org/articles/printfs/index.html]
  
*  CODE: https://github.com/percx/Praeda
+
'''From Printer to Pwnd: Leveraging Multifunction Printers During Penetration Testing'''
*  VIDEO: https://www.youtube.com/watch?v=HMSLMsPJ010
+
<br>by Deral Heiland | Slides: [http://foofus.net/goons/percx/defcon/P2PWND.pdf] | Video: [https://www.youtube.com/watch?v=PH4pTCmKgOg] | Proof-of-concept code: [https://github.com/percx/Praeda]
*  SLIDES: http://www.slideshare.net/403Labs/exploiting-vulnerabilities-in-multifunction-printersa
+
  
- [2011] Heiland: "From Patched to Pwned" | Xerox DLM RCE
+
'''From Patched to Pwned: Attacking Xerox's  Multifunction Printers Patch Process''' ([http://foofus.net/goons/percx/Xerox_hack.pdf PDF])
 +
<br>by Deral Heiland
  
*  LINK: http://foofus.net/goons/percx/Xerox_hack.pdf
+
=== 2010 ===
*  LINK: http://www.xerox.com/download/security/security-bulletin/1284332-2ddc5-4baa79b70ac40/cert_XRX12-003_v1.1.pdf
+
  
-----------------------------------
+
'''Hacking Printers for Fun and Profit'''
 +
<br>by Andrei Costin | Slides: [http://andreicostin.com/papers/Conf%20-%20Hack.lu%20-%202010%20-%20Luxembourg%20-%20AndreiCostin_HackingPrintersForFunAndProfit.pdf] | Video: [https://www.youtube.com/watch?v=R56ZXErKCeE]
  
- [2010] NBS: "Juste une imprimant?" | Lexmark/generic attacks
+
'''Juste une imprimant?'''
 +
<br>by NBS System | Slides: [http://www.ossir.org/jssi/jssi2010/1A.pdf]
  
*  SLIDES: http://www.ossir.org/jssi/jssi2010/1A.pdf
+
=== 2006 ===
  
-----------------------------------
+
'''Hacking Network Printers''' ([http://www.irongeek.com/i.php?page=security/networkprinterhacking HTML])
 +
<br>by Adrian Crenshaw (Irongeek)
  
- [2006] Irongeek: "Hacking Network Printers" | HP/generic tricks
+
=== 2002 ===
  
*  LINK: http://www.irongeek.com/i.php?page=security/networkprinterhacking
+
'''Understanding, Reversing, and Hacking HP Printers''' ([http://search.lores.eu/realicra/hp_slobo.htm HTML])
 +
<br>by Slobotron
  
-----------------------------------
+
'''Printer Exploration (PFT and Hijetter, libPJL, ChaiPortScan, ChaiCrack)'''
 
+
<br>FtR of Phenoelit, FX of Phenoelit | Proof-of-concept code: [http://www.phenoelit.org/hp/index.html]
- [2002] Slobotron: "Hacking HP Printers" | HP/generic tricks
+
 
+
*  LINK: http://search.lores.eu/realicra/hp_slobo.htm
+
 
+
-----------------------------------
+
 
+
- [2002] Phenoelit: "Printer Exploration" | Hijetter PJL tool
+
 
+
*  LINK: http://www.phenoelit.org/hp/index.html
+
*  CODE: PFT/Hijetter, libPJL, ChaiPortScan, ChaiCrack
+
 
+
-----------------------------------
+
 
+
- Miscellaneous
+
 
+
*  https://www.altamiracorp.com/blog/employee-posts/hacking-hp-printers-for-fun-profit
+
*  http://hackonadime.blogspot.com/2011/12/hacking-printers-pjl-basics.html
+
*  https://www.ipa.go.jp/security/jisec/apdx/documents/20130312report_E.pdf
+
*  http://www.darkreading.com/vulnerabilities-and-threats/corporate-espionages-new-friend-embedded-web-servers/d/d-id/1100343?
+
*  https://homepages.laas.fr/matthieu/talks/secu-impression.pdf
+
 
+
-----------------------------------
+
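Review bot: The Miscellaneous list at the end of this hunk has no counterpart in the new "Research by date" entries. Of its five links, only the ipa.go.jp report reappears, as "Research Report on the Security of MFPs" under 2013. The altamiracorp.com, hackonadime.blogspot.com, darkreading.com and homepages.laas.fr references are not carried over. Either keep a Miscellaneous heading after 2002 or add them as dated entries with title and author like the rest. Separately, the 2013 IPA entry links as a bare `[https://www.ipa.go.jp/...]`, while every other paper link in the new layout carries a `PDF` or `HTML` label, so it renders as a numbered footnote in the title line. Adding the `PDF` label would make it consistent.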

Latest revision as of 12:05, 11 July 2018

Research by date

2017

SoK: Exploiting Network Printers (PDF)
by Jens Müller, Juraj Somorovsky, Vladislav Mladenov | Blogpost: [1]

2016

Exploiting Network Printers: A Survey of Security Flaws in Laser Printers and Multi-Function Devices (PDF)
by Jens Müller, Juraj Somorovsky, Vladislav Mladenov | Proof-of-concept code: [2]

PWN Xerox Printers (...again): About Hardware Attacks and Insecure Cloning (PDF)
by Peter Weidenbach, Raphael Ernst

2014

A Large-Scale Analysis of the Security of Embedded Firmwares (PDF)
by Andrei Costin, Jonas Zaddach, Aurélien Francillon, and Davide Balzarotti | Video: [3]

Hacking Canon Pixma Printers - Doomed Encryption (HTML)
by Michael Jordon

2013

Embedded Devices Security and Firmware Reverse Engineering (PDF)
by Jonas Zaddach, Andrei Costin

Research Report on the Security of MFPs ([4])
by IPA Information-technology Promotion Agency, Japan

2012

PostScript: Danger Ahead?!
by Andrei Costin | Slides: [5] | Video: [6]

2011

Print Me If You Dare: Firmware Modification Attacks and the Rise of Printer Malware
by Ang Cui, Salvatore Stolfo | Slides: [7] | Video: [8]

Printers gone Wild (PrintFS PJL filesystem)
by Ben Smith | Video: [9] | Proof-of-concept code: [10]

From Printer to Pwnd: Leveraging Multifunction Printers During Penetration Testing
by Deral Heiland | Slides: [11] | Video: [12] | Proof-of-concept code: [13]

From Patched to Pwned: Attacking Xerox's Multifunction Printers Patch Process (PDF)
by Deral Heiland

2010

Hacking Printers for Fun and Profit
by Andrei Costin | Slides: [14] | Video: [15]

Juste une imprimant?
by NBS System | Slides: [16]

2006

Hacking Network Printers (HTML)
by Adrian Crenshaw (Irongeek)

2002

Understanding, Reversing, and Hacking HP Printers (HTML)
by Slobotron

Printer Exploration (PFT and Hijetter, libPJL, ChaiPortScan, ChaiCrack)
FtR of Phenoelit, FX of Phenoelit | Proof-of-concept code: [17]